🔥 Trending CVEs - Last 90 Days
4,501 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to bypass authentication and gain Administrator privile...
📅 41 days ago • Jan 28, 2026
OpenEMR versions before 7.0.4 have a broken access control vulnerability in the Profile Edit endpoint. Authenticated normal users can modify request p...
📅 42 days ago • Jan 28, 2026
This is a cross-site scripting (XSS) vulnerability in Ghost CMS that allows attackers to craft malicious links. When authenticated staff users or memb...
📅 42 days ago • Jan 27, 2026
A vulnerability in PyTorch's `weights_only` unpickler allows attackers to craft malicious checkpoint files (.pth) that, when loaded, can corrupt memor...
📅 42 days ago • Jan 27, 2026
A use-after-free vulnerability in Firefox's Layout: Scrolling and Overflow component allows attackers to execute arbitrary code by tricking users into...
📅 42 days ago • Jan 27, 2026
A low-privileged remote attacker can execute arbitrary code by sending specially crafted calls to the Device Manager web service or local API, exploit...
📅 42 days ago • Jan 27, 2026
This Cross-Site Request Forgery vulnerability in the EZCast Pro II admin interface allows attackers to trick authenticated administrators into executi...
📅 42 days ago • Jan 27, 2026
This command injection vulnerability in TP-Link Archer MR600 v5 firmware allows authenticated attackers to execute system commands through the admin i...
📅 43 days ago • Jan 26, 2026
This vulnerability allows unauthorized password changes on Tenda W30E V2 routers without verifying the current password. Attackers who gain access to ...
📅 43 days ago • Jan 26, 2026
This vulnerability allows authenticated low-privileged users to change the administrator password on Tenda W30E V2 routers by exploiting an authorizat...
📅 43 days ago • Jan 26, 2026
This CVE describes a privilege escalation vulnerability where the web server binary runs with root privileges, violating the principle of least privil...
📅 43 days ago • Jan 26, 2026
CVE-2026-1428 is an OS command injection vulnerability in WellChoose's Single Sign-On Portal System that allows authenticated remote attackers to exec...
📅 43 days ago • Jan 26, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on servers running WellChoose's Single Sign-On...
📅 43 days ago • Jan 26, 2026
This vulnerability allows remote attackers to execute arbitrary code on Tenda AC23 routers via a buffer overflow in the WifiExtraSet function. Attacke...
📅 43 days ago • Jan 26, 2026
A heap buffer overflow vulnerability in iccDEV's CIccTagXmlSegmentedCurve::ToXml() function allows attackers to execute arbitrary code or cause denial...
📅 45 days ago • Jan 24, 2026
CVE-2026-24406 is a heap buffer overflow vulnerability in iccDEV's CIccTagNamedColor2::SetSize() function that allows attackers to execute arbitrary c...
📅 46 days ago • Jan 24, 2026
A heap buffer overflow vulnerability in iccDEV's CIccMpeCalculator::Read() function allows attackers to execute arbitrary code or cause denial of serv...
📅 46 days ago • Jan 24, 2026
CVE-2021-47904 is an authenticated file upload vulnerability in PhreeBooks 5.2.3 that allows attackers to upload malicious PHP files through the Image...
📅 46 days ago • Jan 23, 2026
CVE-2021-47903 is an authenticated command injection vulnerability in LiteSpeed Web Server Enterprise that allows authenticated administrators to exec...
📅 46 days ago • Jan 23, 2026
CVE-2021-47888 is an authenticated remote code execution vulnerability in Textpattern CMS that allows logged-in users to upload malicious PHP files an...
📅 46 days ago • Jan 23, 2026
This SQL injection vulnerability in the Nelio Content WordPress plugin allows attackers to execute arbitrary SQL commands through specially crafted in...
📅 46 days ago • Jan 23, 2026
This CVE describes a Missing Authorization vulnerability in the uPress Booter WordPress plugin's bots-crawlers-manager component that allows attackers...
📅 46 days ago • Jan 23, 2026
The Melapress Role Editor WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or hi...
📅 46 days ago • Jan 23, 2026
Dell ECS and ObjectScale systems contain default credentials that allow low-privileged attackers with remote access to elevate privileges. This affect...
📅 46 days ago • Jan 23, 2026
This vulnerability allows attackers with access to Moodle's restore interface to execute arbitrary code on the server due to insufficient input valida...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices through the web in...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices through command in...
📅 46 days ago • Jan 23, 2026
CVE-2026-0785 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows authenticated remote attackers to execute arbitra...
📅 46 days ago • Jan 23, 2026
CVE-2026-0786 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows authenticated remote attackers to execute arbitra...
📅 46 days ago • Jan 23, 2026
This vulnerability allows network-adjacent attackers to execute arbitrary code on Enel X JuiceBox 40 electric vehicle charging stations without authen...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices via command inject...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices through the web in...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices through the web in...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices through the web in...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices through the web in...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALGO 8180 IP Audio Alerter devices via command inject...
📅 46 days ago • Jan 23, 2026
This vulnerability allows network-adjacent attackers to execute arbitrary code on WatchYourLAN installations without authentication. Attackers can inj...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on Open WebUI installations. Attackers can inject malici...
📅 46 days ago • Jan 23, 2026
This vulnerability allows authenticated remote attackers to execute arbitrary Python code on Open WebUI installations via command injection in the loa...
📅 46 days ago • Jan 23, 2026
This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of MCP Manager for Claude Desktop. Att...
📅 46 days ago • Jan 23, 2026
A path traversal vulnerability in WebPros WordPress Toolkit before version 6.9.1 allows attackers to escalate privileges by manipulating WordPress dir...
📅 47 days ago • Jan 22, 2026
This SQL injection vulnerability in the Traveler WordPress theme allows attackers to execute arbitrary SQL commands through unsanitized user input. It...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'The Grid' that allows attackers to bypass access controls. It affect...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the EventPrime WordPress plugin that allows attackers to bypass access controls. It affect...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the Roxnor GetGenie WordPress plugin that allows attackers to bypass access controls. Atta...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the Quiz And Survey Master WordPress plugin that allows attackers to bypass access control...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the Golo WordPress theme that allows attackers to bypass access controls. It affects all v...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the BD Courier Order Ratio Checker WordPress plugin that allows attackers to bypass access...
📅 47 days ago • Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the Easy Form Builder WordPress plugin that allows attackers to bypass access controls. It...
📅 47 days ago • Jan 22, 2026
This vulnerability allows attackers to escalate privileges in the WP Membership WordPress plugin, potentially granting unauthorized administrative acc...
📅 47 days ago • Jan 22, 2026
Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats